patch set for #90289

Nikos Mavrogiannopoulos nmav at
Wed Jun 24 05:58:39 PDT 2015

On Wed, 2015-06-24 at 10:03 +0200, Nikos Mavrogiannopoulos wrote:
> This patch set eliminates two issues in the proxy module:
> 1. A process using the proxy module would crash if at some point 
> after
> The issue (1) is very tricky to debug, the reason that the crash
> happened on the parent is not clear to me (they are different 
> processes after all). The crash is in binding_C_Finalize() after 
> having passed from ffi. See the comments in 0004 for the fix.

Things became more clear when I checked libffi's dlmmap_locked() and
the trace.

22225 open("/tmp/ffitnd0s0", O_RDWR|O_CREAT|O_EXCL, 0600) = 3
22225 unlink("/tmp/ffitnd0s0")          = 0
22225 ftruncate(3, 4096)                = 0
22225 mmap(NULL, 4096, PROT_READ|PROT_EXEC, MAP_SHARED, 3, 0) =
22225 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) =

My understanding is that libffi allocates shared memory so a
deallocation in the child process would affect a deallocation in the
parent process. I'm not familiar with libffi, but is that the 
intended/documented behavior? Looks pretty scary.

A better/more precise fix (replacement for
0002-Do-not-finalize-modules-created-in-another-pid.patch) is attached.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Do-not-deinitialize-libffi-s-wrapper-functions-in-ch.patch
Type: text/x-patch
Size: 1362 bytes

More information about the p11-glue mailing list
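
The following is an added example, not part of the original message and not libffi code. It repeats the open/unlink/ftruncate/mmap sequence from the trace above and shows the kernel behaviour it implies: a MAP_SHARED file mapping stays shared across fork(), so a write made by the child is visible to the parent, while a MAP_PRIVATE mapping is not affected. The function name and the temporary file name are hypothetical, and PROT_EXEC is left out of the first mapping.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Repeats the traced sequence with map_flags (MAP_SHARED or MAP_PRIVATE),
 * forks, lets the child write 'C' over the parent's 'P', and returns what the
 * parent then reads through its writable view (-1 on setup failure).
 * *other_view receives the same byte read through the second mapping. */
int parent_byte_after_child_write(int map_flags, int *other_view)
{
    char path[] = "/tmp/ffidemoXXXXXX";   /* constructed name, not libffi's */
    int fd = mkstemp(path);               /* O_RDWR|O_CREAT|O_EXCL, mode 0600 */
    if (fd < 0) return -1;
    unlink(path);                         /* backing file survives via fd only */
    if (ftruncate(fd, 4096) != 0) { close(fd); return -1; }

    /* The trace's first view is PROT_READ|PROT_EXEC; PROT_EXEC is left out
     * here so the demo also runs where /tmp is mounted noexec. */
    char *ro = mmap(NULL, 4096, PROT_READ, map_flags, fd, 0);
    char *rw = mmap(NULL, 4096, PROT_READ | PROT_WRITE, map_flags, fd, 0);
    close(fd);
    if (ro == MAP_FAILED || rw == MAP_FAILED) return -1;
    rw[0] = 'P';                          /* parent state before fork() */

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child stands in for a finalizer */
        rw[0] = 'C';
        _exit(0);
    }
    waitpid(pid, NULL, 0);
    int seen = rw[0];
    *other_view = ro[0];
    munmap(ro, 4096);
    munmap(rw, 4096);
    return seen;
}

int main(void)
{
    int other;
    int seen = parent_byte_after_child_write(MAP_SHARED, &other);
    printf("MAP_SHARED : rw view '%c', second view '%c'\n", seen, other);
    seen = parent_byte_after_child_write(MAP_PRIVATE, &other);
    printf("MAP_PRIVATE: rw view '%c', second view %d\n", seen, other);
    return 0;
}
```

With MAP_SHARED the parent reads the child's byte through both views; with MAP_PRIVATE the parent keeps its own byte and the second view still shows the zero-filled file.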